Report: Pentagon fails to encrypt drone transmissions

Shane McGlaun, 31st October 2012

A reasonable individual would probably assume US surveillance drones conducting recon missions over combat zones would be broadcasting an encrypted video feed.

Unfortunately, this isn't the case - even though the Pentagon became aware four years ago that hostile entities were fully capable of tapping into drone feeds with basic equipment and a little bit of know-how. Why? Simply because the video streams were broadcast without proper encryption between the drone and US military controllers.

"If somebody could obtain reliable access to real-time Predator or Reaper video — without attribution or alerting U.S. military — that would a tremendous intel coup," Micah Zenko, a fellow at the Council on Foreign Relations told Wired. "There is an insatiable demand from Predator and Reaper imagery in Afghanistan and elsewhere. Any reluctance to use those for spying or missile strikes places operations in Afghanistan, Pakistan, Yemen, and Somalia at some risk."

According to Wired, the US DoD has been aware of the above-mentioned vulnerability since the development of the Predator in the 1990s. The issue became more widely known in 2008 when video captured from drone feeds was found on the laptops of militants in Iraq - which was apparently intercepted using $26 software.

Unsurprisingly, both the Pentagon and the defense industry promised to update the drones and encrypt the video feeds. However, four years later only 30-50% of the Predator and Reaper drones are using fully encrypted transmissions. The entire fleet won't move to encrypted communications until 2014, with drones operating overseas the first in line for updates.

It should also be noted that the very same Predator and Reaper drones transmitting unsecured video were also affected by a virus that infected their ground-based cockpits.

Both the Predator and Reaper drones use two different methods to transmit video and accept instructions. One method is via satellite to remote pilots and sensor operators; satellite communications are encrypted and considered to be secured. The problem with unsecured communications comes in the second form of communication using a radio frequency signal called the Common Data Link.

The CDL is used by soldiers on the ground to access the video feed from the drone. With no instructions to encrypt that signal, anyone who knows the proper frequencies is able to view the video feed. Apparently, the reason encryption was left off of the Predator drone originally was because the original drone was too small and lacked space for the extra gear required to encrypt signals.

One of the big problems for the military was that it had hundreds of Remotely Operated Video Enhanced Receivers known as Rovers, which are laptop-sized receivers for the video in the field. The early version of the Rovers were developed and distributed without crypto technology. The military is currently in the process of updating drone cockpits so they can accept the new encrypted signals.